12 Ways to Improve Magento 2 Security and Performance
Download as PPT, PDF2 likes568 views
The document outlines strategies to improve Magento 2's security and performance, covering essential areas such as environment settings, caching, and security permissions. It emphasizes the importance of optimized database solutions, access control, and application configurations to safeguard against vulnerabilities. Additionally, it provides resource links for further guidance on Magento setup and security practices.
![#MM17DE
Recommended list of extensions
Sufficient memory_limit 768MB
XDebug adds extra 20% to response time
OpCache with recommended settings:
- Enough memory portion to fit the code [512MB]
- Max_accelerated_files_count [60000]
- Timestamp validation / Consistency checks
Note: Max performance will be achieved only if
OpCache is enabled.
Environment Settings: PHP
php-bcmath
php-cli
php-common
php-gd | php-imagick
php-intl
php-mbstring
php-mcrypt
php-pdo
php-soap
php-xml](https://image.slidesharecdn.com/pavlookhremmm17de-170523094758/85/12-Ways-to-Improve-Magento-2-Security-and-Performance-5-320.jpg)
12 Ways to Improve Magento 2 Security and Performance
- 1. #MM17DE Pavlo Okhrem CEO at Elogic Commerce 12 Ways to Improve Magento 2 Security and Performance OFTOPIC Your Company logo
- 2. #MM17DE CEO and Co-Founder at eLogic Commerce Vice president of International affairs at Cluster BIT Co-founder and chairman at Chernivtsi IT CEO Club Participant in international business programs in Sweden and Norway Not married
- 3. #MM17DE Performance 1. Environment settings: PHP 2. Job Que 3. DB solutions: Scaling 4. Client side features 5. Advanced caching 6. Images compression, CDN 7. Profiling instruments for code optimization 8. Catalog search optimization Agenda Security 9. Permissions 10. Secure workflow/deployment 11. Server side logging configuration 12. Best practices of application configura for security purposes
- 5. #MM17DE Recommended list of extensions Sufficient memory_limit 768MB XDebug adds extra 20% to response time OpCache with recommended settings: - Enough memory portion to fit the code [512MB] - Max_accelerated_files_count [60000] - Timestamp validation / Consistency checks Note: Max performance will be achieved only if OpCache is enabled. Environment Settings: PHP php-bcmath php-cli php-common php-gd | php-imagick php-intl php-mbstring php-mcrypt php-pdo php-soap php-xml
- 6. #MM17DE Job Queue Integration with RabbitMQ. Available only in Enterprise Edition. Asynchronus jobs execution
- 7. #MM17DE DB Solutions: Scaling (EE) Main (Catalog)Main (Catalog) MasterMaster Checkout Master Order MS Master Main Slave Catalog Slave Checkout Slave EAV Slave … Available only in Magento 2 Enterprise Edition
- 8. #MM17DE DB Solutions: Scaling (EE) Adding a Slave database: CLI: magento setup:db-schema:add-slave Moving a separate part to a separate master database: CLI: magento setup:db-schema:split-quote CLI: magento setup:db-schema:split-sales
- 9. #MM17DE Configuration: Client side features Minification (CSS, JS, HTML) JS resources bundling Caching of static content Images compression CLI: magento catalog:images:resize
- 10. #MM17DE Caching
- 11. #MM17DE Caching Can be used used as page cache and session storing
- 12. #MM17DE CDN and image compression CDN will help you to deliver content faster. Reduce images size where possible. Use JPEG format for catalog pictures.
- 13. #MM17DE Code optimization Using the Zend Z-Ray, you can inspect, debug, and optimize your pages, and easily add additional functionality.
- 14. #MM17DE
- 15. #MM17DE Catalog search Magento 2 EE provides the support for Solr – a robust catalog search engine option. Elasticsearch utilizes the RESTful web interface as well as uses schema-free JSON documents. Merchants prefer this search engine, because it offers real-time search, high scalability, and enterprise- level performance.
- 16. #MM17DE One more useful thing
- 18. #MM17DE Permissions The owner of the Magento file system: Must have full control (read/write/execute) of all files and directories. Must not be the web server user; it should be a different user. The web server user must have write access to the following files and directories: var app/etc pub In addition, the web server's group must own the Magento file system so that the Magento user (who is in the group) can share access to files with the web server user.
- 19. #MM17DE Permissions All directories have 770 permissions. 770 permissions give full control (that is, read/write/execute) to the owner and to the group and no permissions to anyone else. All files have 660 permissions. 660 permissions mean the owner and the group can read and write but other users have no permissions.
- 20. #MM17DE Workflow Limit the access to the production server. Ideally, with the help of CI, so nobody will have access to the live container Limit admin access (use different roles) Only 1 person should have the access to merging commits and deploying them to the live environment Purchase extensions from verified extensions providers
- 21. #MM17DE Server logging Configure the logging in a way that it detects all of the suspicious activities on your server Configure the firewall Use Fail2Ban to ban all of the suspicious activities on your server
- 22. #MM17DE Application configuration Change the default admin url path Change the default downloader url path Use only secure communications protocol (SSH/SFTP/HTTPS) Use strong, long, and unique passwords, and change them periodically. Immediately install patches when new security issues are discovered.
- 23. #MM17DE One more thing Close all of the unnecessary ports on your server Restrict SSH access by IP Use password managers like LastPass, PassPack etc to store password securely
- 24. #MM17DE Useful resources https://elogic.co/blog/ultimate-magento-performance-guide-nginxhttp2php-7-0- 8/ - How to configure Magento with http/2 https://elogic.co/blog/magento-security-lifehacks/ - Magento security lifehacks https://github.com/magento/magento2-zray - Magento2 z-ray plugin https://www.linkedin.com/pulse/20141210024646-1143212-22-ways-to- bulletproof-your-magento-security - 22 Ways to bulletproof your magento security
- 25. #MM17DE Contact me Email: pavlo@elogic.co Phone: +38(050)764-1000 Skype: okhrempavlo LinkedIn: /paulokhrem Facebook: /puncher